Skip to main content

Privacy Policy

Last Updated: November 7, 2025

1. Introduction

Ubi Biologics ("Company", "we", "us", or "our") is committed to protecting your privacy and the confidentiality of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services (collectively, the "Services").

Important Principle: Your Data Remains Yours

We want to be absolutely clear about our fundamental commitment to your data:

  • Your data, code, analyses, and research remain solely yours
  • We will never sell your data to third parties
  • We may use aggregated, de-identified data for business analytics, product improvements, and machine learning model training to enhance our Services
  • We may use your data to make informed business decisions and improve platform functionality

By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, you must not access or use the Services.

2. Definitions

For purposes of this Privacy Policy:

  • "Personal Information" means information that identifies, relates to, describes, or could reasonably be linked with a particular individual or household
  • "Processing" means any operation performed on Personal Information, including collection, use, storage, disclosure, or deletion
  • "User Content" means any data, files, analyses, code, or other materials you upload or submit to the Services
  • "Usage Data" means information collected automatically about your use of the Services
  • "De-identified Data" means data that has been processed to remove all personally identifiable information

3. Information We Collect

3.1 Information You Provide Directly

We collect information that you voluntarily provide when you:

Account Registration:

  • Name
  • Email address
  • Organization/institution name
  • Job title
  • Password (stored in encrypted form)
  • Phone number (optional)
  • Billing address
  • Payment information (processed securely through third-party payment processors)

Profile Information:

  • Professional credentials
  • Research interests
  • Profile photo (optional)
  • Biographical information (optional)

User Content:

  • Biological sequences and data
  • Experimental protocols
  • Research notes and documentation
  • Analysis results
  • Custom workflows
  • Uploaded files and datasets
  • Project information
  • Collaboration and sharing preferences

Communications:

  • Support requests and correspondence
  • Survey responses
  • Feedback and feature requests
  • Messages sent through the Services

3.2 Information Collected Automatically

When you access or use the Services, we automatically collect:

Device Information:

  • IP address
  • Browser type and version
  • Operating system and version
  • Device type (desktop, mobile, tablet)
  • Unique device identifiers
  • Screen resolution

Usage Data:

  • Pages and features accessed
  • Time and date of visits
  • Time spent on pages
  • Click-through rates
  • Navigation paths
  • Search queries within the Services
  • Feature usage patterns
  • Error logs and performance data

Location Information:

  • General geographic location (city, region, country) based on IP address
  • We do not collect precise geolocation data without explicit permission

Cookies and Tracking Technologies:

  • Session cookies (essential for Service functionality)
  • Persistent cookies (for preferences and settings)
  • Analytics cookies (for understanding usage patterns)
  • See Section 9 for detailed information about cookies

3.3 Information from Third-Party Sources

We may receive information from:

Single Sign-On (SSO) Providers:

  • If you register or log in using SSO (e.g., Google, Microsoft, institutional SSO), we receive basic profile information such as name, email address, and profile photo

Payment Processors:

  • Transaction confirmation and payment status
  • We do not store full credit card numbers

Public Databases and Research Resources:

  • Scientific publication records (if you link your profile)
  • ORCID or other research identifiers (with your permission)

4. How We Use Your Information

4.1 Primary Uses

We use the collected information for the following purposes:

Service Delivery and Performance:

  • Provide, operate, and maintain the Services
  • Process your transactions and manage your account
  • Enable core functionality including data analysis, visualization, and collaboration
  • Store and manage your User Content
  • Authenticate users and prevent unauthorized access
  • Provide technical support and respond to inquiries

Service Improvement:

  • Understand how users interact with the Services
  • Identify usage trends and patterns
  • Develop new features and functionality
  • Improve user experience and interface design
  • Conduct research and analysis on Service performance
  • Debug and troubleshoot technical issues
  • Train and improve machine learning models and AI features
  • Make data-driven business decisions to enhance the Services

Communication:

  • Send administrative information, including account confirmations, security alerts, and Service updates
  • Respond to support requests and communications
  • Send newsletters and product announcements (with opt-out option)
  • Notify you of changes to Terms of Service or Privacy Policy

Security and Compliance:

  • Detect, prevent, and respond to security incidents and fraudulent activity
  • Monitor for suspicious or malicious behavior
  • Enforce our Terms of Service
  • Comply with legal obligations and respond to lawful requests
  • Protect the rights, property, and safety of the Company, users, and the public

Analytics and Research:

  • Create aggregated, de-identified statistics about Service usage
  • Conduct market research and competitive analysis
  • Generate performance benchmarks and metrics
  • Publish research and academic papers using de-identified, aggregated data
  • Train machine learning and AI models using aggregated, de-identified data
  • Develop and improve algorithms and analytical tools

Billing and Payments:

  • Process payments and manage subscriptions
  • Issue invoices and receipts
  • Detect and prevent payment fraud
  • Manage account credits and refunds

4.2 How We DO NOT Use Your Information

We want to be explicitly clear about what we do NOT do with your data:

We Will Never:

  • Sell your Personal Information or identifiable User Content to third parties
  • Rent or lease your identifiable data to advertisers, data brokers, or other parties
  • Share your proprietary research data with competitors
  • Disclose your identifiable User Content to other users or organizations without your permission
  • Include your identifiable data in public datasets or publications without consent

We May Use:

  • Aggregated, de-identified data for machine learning model training and improvement
  • Anonymized usage patterns for business analytics and decision-making
  • De-identified User Content to enhance platform features and develop new capabilities
  • Non-identifiable data for research, product development, and Service optimization

5. How We Share Your Information

5.1 Data Sharing Principles

Your data is confidential and protected. We only share information in the following limited circumstances:

5.2 Service Providers and Subprocessors

We engage trusted third-party service providers to perform functions on our behalf, including:

  • Cloud infrastructure and hosting (e.g., AWS, Azure, Google Cloud)
  • Payment processing (e.g., Stripe)
  • Email delivery services
  • Customer support tools
  • Analytics services
  • Security and fraud prevention services

Data Processing Agreements: All service providers are bound by data processing agreements that:

  • Prohibit use of your data for their own purposes
  • Require appropriate security measures
  • Mandate compliance with applicable privacy laws
  • Include confidentiality obligations

A current list of subprocessors is available upon request.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity. You will be notified via email and/or prominent notice on our website of any such change in ownership or control of your Personal Information.

We may disclose your information if required to do so by law or in response to:

  • Valid legal process (subpoenas, court orders, search warrants)
  • Government or regulatory requests
  • Requests from law enforcement
  • Legal claims or disputes
  • National security requirements

We will:

  • Carefully review all requests for legal sufficiency
  • Limit disclosure to the minimum necessary
  • Notify you of requests unless legally prohibited
  • Publish transparency reports about government requests

We may share your information with third parties when you explicitly authorize us to do so, such as:

  • Collaborators you invite to your projects
  • Integration with third-party tools you connect
  • Export of your data to external systems
  • Public sharing of research results you choose to make public

5.6 Aggregated and De-identified Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you, including:

  • Industry benchmarks and statistics
  • Usage trends and patterns
  • Research findings in academic publications
  • Product marketing materials

6. Data Retention

6.1 Retention Principles

We retain your information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

6.2 Retention Periods

Active Accounts:

  • Account information: Retained while your account is active
  • User Content: Retained indefinitely until you delete it or close your account
  • Usage logs: Typically retained for 24 months
  • Security logs: Retained for 12-36 months depending on type

Closed Accounts:

  • Upon account closure, we will delete or anonymize your Personal Information within 90 days
  • You may request immediate deletion of your data
  • Backups may retain data for up to an additional 90 days before permanent deletion

Legal and Compliance:

  • Financial records: Retained for 7 years as required by law
  • Records subject to legal holds: Retained until the hold is lifted

De-identified Data:

  • Aggregated, de-identified analytics data may be retained indefinitely

6.3 Data Deletion

You may request deletion of your data at any time by:

Upon deletion request, we will:

  1. Immediately cease processing your data for Service delivery
  2. Delete or anonymize your Personal Information within 30 days
  3. Provide confirmation of deletion upon completion
  4. Note that backups may retain data for up to 90 additional days

7. Data Security

7.1 Security Commitment

We implement and maintain comprehensive technical, organizational, and physical security measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

However, please note: No internet transmission or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. Security risk is inherent in all internet technologies.

7.2 Security Measures

Our security program includes:

Technical Safeguards:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of data at rest using industry-standard algorithms
  • Secure credential storage using bcrypt or similar hashing
  • Multi-factor authentication options
  • Automated vulnerability scanning
  • Regular security testing and penetration testing
  • Intrusion detection and prevention systems
  • Secure software development lifecycle
  • Security logging and monitoring

Organizational Safeguards:

  • Employee security training and awareness programs
  • Background checks for employees with data access
  • Confidentiality agreements with all personnel
  • Defined data access controls and principles of least privilege
  • Incident response and breach notification procedures
  • Regular security audits and assessments
  • Security-focused organizational culture

Physical Safeguards:

  • Secure data center facilities with restricted access
  • Environmental controls and redundancy
  • Backup and disaster recovery systems

7.3 Your Security Responsibilities

You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • Using a strong, unique password
  • Enabling multi-factor authentication
  • Keeping your contact information current
  • Logging out of shared devices
  • Reporting suspected security incidents

7.4 Security Incidents

In the event of a data breach that affects your Personal Information, we will:

  • Investigate and contain the incident promptly
  • Notify affected users within 72 hours of discovery
  • Provide details about the nature and scope of the breach
  • Offer guidance on protective measures
  • Notify relevant regulatory authorities as required by law
  • Conduct a post-incident review and implement improvements

8. International Data Transfers

8.1 Global Operations

Ubi Biologics is based in the United States. If you access the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

8.2 Data Protection Standards

Different countries have varying data protection laws and regulations. The United States may not provide the same level of data protection as your home country.

When we transfer data internationally, we implement appropriate safeguards including:

  • Standard contractual clauses approved by regulatory authorities
  • Data processing agreements with third-party processors
  • Compliance with EU-U.S. Data Privacy Framework (if applicable)
  • Compliance with Swiss-U.S. Data Privacy Framework (if applicable)

8.3 European Economic Area (EEA) and UK Users

If you are located in the EEA or UK, you have specific rights under the General Data Protection Regulation (GDPR) and UK GDPR. See Section 11 for details.

9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work more efficiently and provide information to website owners.

9.2 Types of Cookies We Use

Strictly Necessary Cookies:

  • Purpose: Essential for Service functionality, authentication, and security
  • Examples: Session management, load balancing, security tokens
  • Duration: Session or up to 30 days
  • Cannot be disabled without affecting Service functionality

Functional Cookies:

  • Purpose: Remember your preferences and settings
  • Examples: Language preferences, display settings, recently viewed items
  • Duration: Up to 12 months
  • Can be disabled, but may affect user experience

Analytics Cookies:

  • Purpose: Help us understand how users interact with the Services
  • Examples: Google Analytics, internal analytics
  • Duration: Up to 24 months
  • Can be disabled through cookie settings

Performance Cookies:

  • Purpose: Monitor Service performance and identify issues
  • Examples: Error tracking, page load times
  • Duration: Up to 12 months
  • Can be disabled through cookie settings

9.3 Third-Party Cookies

We use the following third-party analytics and tracking services:

  • Google Analytics: Tracks website usage and traffic patterns
  • Microsoft Clarity: Provides session replay and heatmaps for UX improvement
  • Sentry: Error tracking and performance monitoring

Each third-party service has its own privacy policy governing data use.

9.4 Managing Cookies

You can control cookies through:

Browser Settings:

  • Most browsers allow you to refuse cookies or delete cookies
  • Consult your browser's help documentation for instructions

Cookie Preference Center:

  • Access through the Services to enable or disable non-essential cookies

Opt-Out Links:

Note: Disabling necessary cookies may impact Service functionality.

9.5 Other Tracking Technologies

We may also use:

  • Web beacons: Small graphics that track page views and email opens
  • Local storage: HTML5 local storage for performance optimization
  • SDKs: Third-party software development kits for analytics and functionality

10.1 Third-Party Integrations

The Services may integrate with third-party platforms and tools, including:

  • Cloud storage providers (Dropbox, Google Drive, OneDrive)
  • Collaboration tools
  • Research databases and repositories
  • AI and machine learning services
  • Authentication providers (SSO, OAuth)

When you enable integrations:

  • You authorize data sharing with the third-party service
  • The third party's privacy policy governs their use of your data
  • We are not responsible for third-party privacy practices
  • You can revoke integration access at any time

The Services may contain links to third-party websites or resources. We are not responsible for the privacy practices or content of third-party sites. We encourage you to read the privacy policies of any third-party sites you visit.

10.3 AI Service Providers

When you use AI-powered features, your inputs may be processed by third-party AI providers such as:

  • OpenAI (GPT models)
  • Anthropic (Claude models)
  • Google (Gemini models)
  • Microsoft (Azure OpenAI)

Important notes:

  • We may use de-identified, aggregated AI inputs and outputs to improve our Services and train our models
  • Third-party AI providers have their own data usage policies
  • Some AI providers may use inputs to improve their models (review their policies)
  • You are responsible for reviewing and accepting third-party AI terms

11. Your Privacy Rights

11.1 General Rights

Regardless of your location, you have the following rights:

Access:

  • Request confirmation of what Personal Information we hold about you
  • Obtain a copy of your Personal Information
  • Receive information about how we process your data

Correction:

  • Request correction of inaccurate or incomplete Personal Information
  • Update your account information directly through the Services

Deletion:

  • Request deletion of your Personal Information
  • Close your account and have data removed

Data Portability:

  • Request your data in a structured, machine-readable format
  • Export your User Content at any time through the Services

Objection:

  • Object to certain types of processing, such as direct marketing
  • Opt-out of non-essential communications

Restriction:

  • Request restriction of processing in certain circumstances

11.2 Rights for EEA, UK, and Swiss Users (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under GDPR:

Legal Basis for Processing: We process your Personal Information based on:

  • Contract: To provide the Services you requested
  • Legitimate interests: To improve Services, ensure security, conduct business operations, and train machine learning models using de-identified data
  • Consent: Where you have provided explicit consent
  • Legal obligation: To comply with applicable laws

Right to Withdraw Consent:

  • Where processing is based on consent, you may withdraw consent at any time
  • Withdrawal does not affect the lawfulness of prior processing

Right to Lodge a Complaint:

  • You have the right to lodge a complaint with your local data protection authority

Data Protection Officer: Contact our Data Protection Officer at: dpo@ubibiologics.com

11.3 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know:

  • Categories of Personal Information collected
  • Categories of sources
  • Business or commercial purposes for collection
  • Categories of third parties with whom we share information
  • Specific pieces of Personal Information collected

Right to Delete:

  • Request deletion of Personal Information we collected

Right to Opt-Out:

  • Opt-out of "sale" or "sharing" of Personal Information
  • Note: We do not sell or share Personal Information as defined by CCPA

Right to Correct:

  • Request correction of inaccurate Personal Information

Right to Limit Use of Sensitive Personal Information:

  • Limit use of sensitive Personal Information (if applicable)

Right to Non-Discrimination:

  • Exercise privacy rights without discriminatory treatment

Authorized Agents:

  • Designate an authorized agent to submit requests on your behalf

Shine the Light:

  • Request information about disclosure to third parties for direct marketing (we do not disclose for this purpose)

11.4 Rights for Other Jurisdictions

We comply with applicable privacy laws in other jurisdictions, including:

  • Canada (PIPEDA): Access, correction, and challenge compliance
  • Australia (Privacy Act): Access, correction, and complaint rights
  • Brazil (LGPD): Access, correction, deletion, portability, and consent withdrawal
  • Japan (APPI): Disclosure, correction, suspension of use, and deletion

11.5 Exercising Your Rights

To exercise any of these rights:

Submit a Request:

  • Email: privacy@ubibiologics.com
  • Online form: [Available on our website]
  • Mail: Ubi Biologics, Attn: Privacy Office, [Address]

Verification:

  • We will verify your identity before processing requests
  • We may request additional information to confirm your identity
  • Authorized agents must provide proof of authorization

Response Time:

  • We will respond to verified requests within 30 days (or as required by applicable law)
  • We may extend the response period by an additional 30 days if necessary

No Fee:

  • We do not charge a fee to process requests unless they are manifestly unfounded, excessive, or repetitive

12. Children's Privacy

12.1 Age Restriction

The Services are not intended for children under the age of 18. We do not knowingly collect Personal Information from children under 18.

12.2 Parental Notice

If you are a parent or guardian and believe your child has provided us with Personal Information, please contact us at privacy@ubibiologics.com. We will delete such information from our systems.

12.3 School and Research Use

If the Services are used in an educational or research setting where users under 18 may access the platform:

  • The institution is responsible for obtaining necessary parental consents
  • The institution acts as the data controller
  • We process data only on behalf of the institution

13. Changes to This Privacy Policy

13.1 Right to Modify

We reserve the right to modify this Privacy Policy at any time. We will notify you of material changes by:

  • Posting the updated Privacy Policy with a new "Last Updated" date
  • Sending email notification to your registered email address
  • Displaying a prominent notice within the Services

13.2 Effective Date

Changes become effective upon posting unless otherwise specified.

13.3 Continued Use

Your continued use of the Services after changes become effective constitutes your acceptance of the updated Privacy Policy.

13.4 Material Changes

For material changes that significantly affect your rights, we may request your explicit consent.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Office Ubi Biologics Email: privacy@ubibiologics.com Support: support@ubibiologics.com

Data Protection Officer (for GDPR inquiries): Email: dpo@ubibiologics.com

For California Residents (CCPA inquiries): Email: california-privacy@ubibiologics.com

We will respond to all inquiries within 30 days.

15. Additional Information for Specific Jurisdictions

15.1 European Economic Area (EEA) and United Kingdom

Data Controller: Ubi Biologics is the data controller for Personal Information processed through the Services.

Legal Basis Summary:

  • Performance of contract: Account management and Service delivery
  • Legitimate interests: Service improvement, security, fraud prevention
  • Consent: Marketing communications, optional features
  • Legal obligation: Compliance with laws and regulations

EU Representative: [If applicable]

UK Representative: [If applicable]

Supervisory Authority: You may lodge a complaint with the Information Commissioner's Office (UK) or your local data protection authority.

15.2 California

Business Information:

  • Business name: Ubi Biologics
  • Categories of Personal Information collected: See Section 3
  • Business purposes: See Section 4
  • Categories shared: See Section 5

Do Not Sell My Personal Information: We do not sell Personal Information as defined by CCPA. We do not share Personal Information for cross-context behavioral advertising.

Financial Incentives: We do not offer financial incentives for collection, retention, or sale of Personal Information.

15.3 Other Jurisdictions

We are committed to complying with privacy laws in all jurisdictions where we operate. If you have specific questions about compliance in your jurisdiction, please contact us.


This Privacy Policy is effective as of the "Last Updated" date above and applies to all users of the Services.

By using the Services, you acknowledge that you have read and understood this Privacy Policy.